Telegram groups fuel new UPI fraud technique: CloudSEK

New Delhi: Online fraudsters are using new technology to bypass security features of UPI apps and carry out financial transactions, according to a report by cyber intelligence firm CloudSEK.

The report identified at least 20 active groups on messaging platform Telegram, each with more than 100 members, where a toolkit called “Digital Lutera” is being discussed, distributed and used for fraud.

“This is not just another UPI malware variant. Digital Lutera represents a structural attack on device trust. When the operating system itself is manipulated, traditional safeguards like SIM-binding and app signature checks become unreliable,” said CloudSEK Threat Researcher Shobhit Mishra. CloudSEK said analysis of one such group showed transactions worth Rs 25–30 lakh being processed within just two days, highlighting how quickly the fraud model is scaling. SIM-binding is a key security feature used by UPI apps to ensure that a bank account is linked to a specific mobile device. Transactions are processed only after verifying the SIM linked to the bank account. According to the report, the attack typically begins when a user unknowingly installs a malicious APK file disguised as routine communication, such as a traffic fine notice or a wedding invitation. Once installed, the malware gains access to the phone’s SMS permissions.